Vulnerability Awareness: Palo Alto Firewalls Vulnerability and Guidance

Created: Tuesday, April 16, 2024 - 13:18
Categories: Cybersecurity, Federal & State Resources, Security Preparedness

Action may be required: Utilities using impacted PAN-OS firewalls (versions 10.2, 11.0, and 11.1) configured with GlobalProtect gateway or GlobalProtect portal (or both) and device telemetry enabled are highly encouraged to review this guidance and address the vulnerability accordingly.

Over the weekend, Palo Alto Networks released workaround guidance for a command injection vulnerability (CVE-2024-3400) which affects PAN-OS versions 10.2, 11.0, and 11.1. Palo Alto Networks has reported active exploitation of this vulnerability in the wild. WaterISAC is sharing this for member awareness.

On Sunday, Palo Alto Networks started issuing hotfixes for the impacted PAN-OS versions. WaterISAC encourages users and administrators to review the Palo Alto Networks Security Advisory, apply current mitigations, and update affected software as Palo Alto Networks continues to make the fixes available.

Description of the vulnerability from Palo Alto Networks: “A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.”

“This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both) and device telemetry enabled. You can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways or Network > GlobalProtect > Portals) and verify whether you have device telemetry enabled by checking your firewall web interface (Device > Setup > Telemetry).”
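
The applicability conditions quoted above can be checked across a firewall inventory once the version and feature settings have been collected. The following Python is an added example, not code from WaterISAC or Palo Alto Networks; the CSV column names, hostnames and sample rows are constructed assumptions, and it does not assess which hotfix is installed.

```python
import csv
import io
import re

# Release trains named in the advisory text above.
AFFECTED_TRAINS = {(10, 2), (11, 0), (11, 1)}

# Constructed sample inventory; column names are assumptions for this example.
SAMPLE_INVENTORY = """\
hostname,panos_version,gp_gateway,gp_portal,telemetry
fw-plant-01,10.2.9,yes,no,yes
fw-plant-02,11.1.2-h3,no,yes,yes
fw-office-01,11.0.4,no,no,yes
fw-office-02,10.2.7-h1,yes,yes,no
fw-legacy-01,9.1.17,yes,yes,yes
fw-remote-01,11.1.0,yes,,
fw-remote-02,unknown,yes,no,yes
"""

def release_train(version):
    """Return (major, minor) from a string like '11.1.2-h3', or None if unparseable."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.\d+)?(?:-h\d+)?\s*$", version or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def tri(value):
    """Map yes/no text to True/False; anything else (blank, unknown) to None."""
    return {"yes": True, "no": False}.get((value or "").strip().lower())

def triage(row):
    """Classify one firewall against the advisory's conditions (hotfix level not assessed)."""
    train = release_train(row["panos_version"])
    gw, portal, telem = tri(row["gp_gateway"]), tri(row["gp_portal"]), tri(row["telemetry"])
    if train is not None and train not in AFFECTED_TRAINS:
        return "not-applicable"
    # GlobalProtect counts if either a gateway or a portal is configured.
    gp = True if True in (gw, portal) else (None if None in (gw, portal) else False)
    if gp is False or telem is False:
        return "not-applicable"
    if train is None or gp is None or telem is None:
        return "needs-review"  # missing data: confirm in the firewall web interface
    return "applicable"

def triage_inventory(text):
    return {r["hostname"]: triage(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Rows marked `needs-review` have a blank or unparseable field and should be confirmed in the web interface locations given in the advisory text before being ruled out.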

Additional Resources: